To get started using the VMware NSX® Intelligence™ features, you must activate it and then familiarize yourself with the NSX Intelligence user interface.

Overview

NSX Intelligence is a modern application that is hosted on the VMware NSX® Application Platform, which is a platform based on a microservices architecture.

NSX Intelligence provides the following capabilities.

  • A visualization of the security posture of your VMware NSX® environment. The visualization uses the network traffic flows aggregated within the specified time period (the default is 5 minutes).

  • Assistance with microsegmentation planning through NSX Intelligence firewall rule recommendations that use network traffic analytics with enforcement on security policies.

  • The NSX Suspicious Traffic functionality that uses network traffic analytics to detect suspicious network traffic activities that are occurring in your NSX 3.2 or later environment.

Prerequisites

Before you can use the NSX Intelligence features using the NSX Manager UI, the following prerequisites must be met.
  1. Deploy the NSX Application Platform and activate the NSX Intelligence feature on that platform.

  2. Configure the hosts or clusters of hosts from which NSX Intelligence collects network traffic data.

    By default, the NSX Intelligence feature collects network traffic data from all known hosts and clusters of hosts in your NSX environment.

For more information, see Activating and Upgrading VMware NSX Intelligence delivered with the NSX Intelligence Documentation set.

Start Using NSX Intelligence

After you activate and configure the NSX Intelligence application, the visualization, recommendation, and suspicious traffic functionalities become available in the NSX Manager UI.

  • The Plan & Troubleshoot > Dashboard displays a summary of the latest security posture, flow trends, summary of detected suspicious traffic events, any pending actions or current settings that might require your attention, and additional insights into the top traffic flows detected. See Using the NSX Intelligence Dashboard.

  • To see the visualized NSX entities and the traffic flows that occurred between them, click Plan & Troubleshoot > Discover & Take Action. See Understanding the Views and Flows in NSX Intelligence.

  • To obtain distributed firewall (DFW) policy recommendations for microsegmentation planning, use Plan & Troubleshoot > Recommendations. See Working with NSX Intelligence Recommendations.

  • To use the NSX Suspicious Traffic feature to perform network traffic analysis and detect suspicious traffic events, click Security > Suspicious Traffic. If the VMware NSX® Network Detection and Response™ feature is also activated, detected suspicious events are flagged and sent to the VMware NSX® Advanced Threat Prevention service. If the service finds the detected events to be related, those events are correlated into a campaign that you can investigate further using the NSX Network Detection and Response user interface. See Detecting Suspicious Traffic Events in NSX for details.

Get familiar with the NSX Intelligence user interface using the information provided in this section.